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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
05/23/2008 has been entered. 

Response to Amendment 

2. In response to communications filed on 11/1 5/2006, the Examiner acknowledges 
the amendments made to the claims and have both considered and applied them to the 
claims. 

Response to Remarks/Arguments 

3. Applicant's remarks/arguments with respect to the rejection of claims 1 -96 have 
been fully considered but they are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1 , 2, 25, 26, 49, 50, 73 and 74 are rejected under 35 U.S.C. 102(e) as 
being disclosed by Deo. 

Regarding claims 1 , 25, 49 and 73 , Deo, discloses a card device for 
communication with an electronic device, comprising: 

• a capabilities list associated with an application program, said capabilities 
list including information regarding access to one or more resources for 
use by said application program, and for storing said application program 
and a security manager (0023 - "[access control list] (ACL) controls 
access to the associated file, thereby permitting only authorized 
applications to gain access to and perform file operations on the volatile 
files" the disclosed access control lists is equated to the claimed 
capabilities list); 

• a memory for storage (Figure 1 and paragraph 0019 - "volatile rewritable 
memory in the form of RAM (Random Access Memory) 106, a ROM 
(Read Only Memory) 108, and an persistent read/write memory such as 
EEPROM (Electrically Erasable Programmable ROM) 110"); and 
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• a processor for executing said application program (Figure 1 and 
paragraph 0019 - "a CPU processor 104"). 

Regarding claims 2, 26, 50 and 74 , Deo, discloses the card device of claim 1 
wherein said one or more resources comprise at least one of data and functions 
(0020 - "operating system 1 14 exposes a set of application program interfaces 
(APIs) that enable resident applications 1 12 to perform tasks and manipulate 
data on the smart card"). 

Regarding claims 3, 27, 51 and 75 , Deo, discloses the card device of claim 1 
wherein said one or more resources comprise one or more resources external to 
said card device (0020 - "nonresident applications 116, which execute external 
to the smart card (e.g. programs on kiosks, point-of-purchase machines, etc.), 
may also place function calls with the operating system 1 14 to perform tasks or 
manipulate data on the smart card"). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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Claims 4-7, 28-31 , 52-55 and 76-79 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Deo et al. (US Patent No. 6839843 A1 hereinafter Deo) 
and further in view of Wilkinson et al. (US Patent No. 6,308,317 hereinafter 
Wilkinson). 

Regarding claims 4, 28, 52 and 76 , Deo, is silent in at least one of: terminal side 
resources and channels of a communications network, however Wilkinson does 
provide such a disclosure (Figure 1 and 7:66-67 and 8:1-4 - "terminal 14 
prepares and downloads Java applications to the integrated circuit card 10 using 
the terminal communicator 12b. The terminal communicator 12 b is a 
communications device capable of establishing a communications channel 
between the integrated circuit card 10 and terminal 14" and 8:15-19 - "terminals 
can be automated teller machines (ATMs), point-of-sale terminals, door security 
systems, toll payment systems, access control systems, or any other system that 
communicates with an integrated circuit card or microcontroller"). 

It would have been obvious for one of ordinary skill in the art, at the time of 
the invention, to have been motivated to modify the smart card subsystem 
of Deo with the integrated circuit Wilkinson, as both Deo and Wilkinson 
disclose use of a smart card in executing applications/application 
requests, however Wilkinson describes in detail the interpretation of an 
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application written in high level programming language into the low level 
language used in the execution of applications by the smart card, whereas 
Deo does not disclose such details. Wilkinson provides motivation in the 
disclosure of 3:37-46,-which recites "a need to load new applications on 
the card that do not have the explicit knowledge of the other providers, but 
without the possibility of compromising the security of the card" and 3:60- 
63, which recites that "applications may be downloaded to a smart card 
without compromising the security of the smart card. These applications 
may be provided by different companies loaded at different times using 
different terminals." 



Regarding claims 5, 29, 53 and 77 , Deo, discloses the card device of claim 1 
wherein said one or more resources comprise one or more resources owned by 
at least one of said application program and another entity (0020 - "nonresident 
applications 116, which execute external to the smart card (e.g. programs on 
kiosks, point-of-purchase machines, etc.), may also place function calls with the 
operating system 1 14 to perform tasks or manipulate data on the smart card"). 

Regarding claims 6. 30, 54 and 78 . Deo, discloses the card device of claim 5 
wherein said other entity comprise at least one of: an operating system of said 
card device and another application program (operating system 114 exposes a 
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set of application program interfaces (APIs) that enable resident applications 112 
to perform tasks and manipulate data on the smart card"). 

Regarding claims 7, 31. 55 and 79 , Deo, discloses card device of claim 1 
wherein said capabilities list comprises information regarding at least one of: 
access rights; and information required for access to a resource (0023 - "[access 
control list] (ACL) controls access to the associated file, thereby permitting only 
authorized applications to gain access to and perform file operations on the 
volatile files" the disclosed access control lists is equated to the claimed 
capabilities list). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 8-24, 32-47, 56-72 and 80-96 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Deo et al. (US Patent No. 6839843 A1 hereinafter Deo) 
in view of Wilkinson et al. (US Patent No. 6,308,317 hereinafter Wilkinson) and 
further in view of Exton et al. (US Patent No. 6,910,041 B2 hereinafter Exton) 
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Regarding claims 8, 32, 56 and 80 , Deo, is silent in disclosing the card device of 
claim 1 wherein said memory stores a first capabilities list and a second 
capabilities list, said first capabilities list comprising a handle to link to said 
second capabilities list, however Exton does provide such a disclosure (7:60-66 - 
"defining a first set of permissions [is the] first access control list" and 8:19-22 - 
"second access control list controls access ... based on second set of 
permissions"). 

It would have been obvious at the time of the invention to have been 
motivated to combine the invention of Deo and Wilkinson with the invention of 
Exton. The motivation for such a combination is provided by Exton in the 
recitation, "most administration models today revolve around defining a role for a 
particular administrator and then associating a number of tasks that a person 
with that role is permitted to perform ... it would be advantageous to provide an 
improved administration model in which the permission sets are not predefined. 

Regarding claims 9, 33, 57 and 81 . Deo, discloses the card device of claim 8 
wherein said second capabilities list is associated with one or more of other 
application programs, however Exton does provide such as disclosure (8:19-22 - 
"second access control list controls access ... based on second set of 
permissions"). 
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The rationale and motivation for this obviousness type rejection is the 
same as in claims 8, 32, 56 and 80. 



Regarding claims 10, 34, 58 and 82 , Deo, discloses the card device of claim 1 
wherein said application program is for requesting access to a resource (0008 - 
"an application requests access to a data file"). 



Regarding claims 11, 35, 59 and 83 , Deo, discloses the card device of claim 1 
wherein said application program is for transmitting a resource access request to 
a security manager and said security manager is for transmitting a verify request 
to a verification program to examine said capabilities list to determine whether 
said application program is authorized to access said resource, and for 
performing or denying said requested action based at least in part on said 
examination (0008 - "file system initially determines whether the application is 
authorized to gain access to the data file. If it is, the file system next determines 
whether the data file resides in volatile memory or nonvolatile memory. Once the 
memory region is identified, the file system identifies the physical location of the 
data file" the disclosed file system is here equated to the claimed "security 
manager"). 



Regarding claims 12, 36, 60 and 84 , Deo, discloses the card device of claim 1 1 
wherein said security manager comprises an application program interface (API) 
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(0008 - "file system exposes a set of application program interfaces (APIs) to 
allow applications to access the data files"). 

Regarding claim 13, 37, 61 and 85 , Deo, discloses the card device of claim 1 1 
wherein said security manager is for obtaining information regarding said 
requesting application program through one of inquiring at a context originating 
the resource access request and a parameter provided with said resource 
access request (0034 and 0039). 

Regarding claim 14, 38, 62 and 86 , Deo, discloses the card device of claim 1 , 
further comprising input/output means for receiving said capabilities list from at 
least one of a provider of said application program and an owner of said one or 
more resources (0023). 

Regarding claim 15, 39, 63 and 87 , Deo, discloses the card device of claim 1 
wherein said capabilities list and said application program constitute a load 
package received by said card device (0028). 

Regarding claims 16, 40, 64 and 88 , Deo, discloses the card device of claim 1 
wherein said device is configured to modify said capabilities list based at least in 
part on a subsequently received capabilities update list associated with said 
application program (0027). 
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Regarding claims 17, 41, 65 and 89 , Deo, is silent in disclosing the card device of 
claim 1 wherein said device is configured to delete said capabilities list or link 
and access rights upon receiving an instruction to delete said application 
program from the outside (0027 and 0029). 

Regarding claims 18-20, 42-44, 66-68 and 90-92 , Deo, is silent in disclosing the 
card device of claim 1 wherein said capabilities list is encrypted/cryptographically 
signed by at least one of a provider of said application program and an owner of 
said one or more resources and said processor is configured to decrypt/ 
cryptographically authenticate said capabilities list, however Wilkinson does 
provide such a disclosure (16:20-35). 

The rationale and motivation for this obviousness type rejection is the 
same as in claims 4, 28, 52 and 76. 

Regarding claims 21. 45, 69 and 93 . Deo, is silent in disclosing a processor 
further configured to cryptographically authenticate said capabilities list when 
said capabilities list is accessed, said capabilities list being successfully 
authenticated if a first fingerprint computed over said capabilities list upon storing 
capabilities list matches a second fingerprint computed over said capabilities list 
in response to a run-time request to use said capabilities list, however Wilkinson 
does provide such a disclosure (16:20-35). 
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The rationale and motivation for this obviousness type rejection is the 
same as in claims 4, 28, 52 and 76. The claimed "fingerprint" is the 
encrypted/cryptographically signed access control list/capabilities list disclosed 
by Wilkinson. 



Regarding claims 22, 45, 70, 94 , Deo, discloses the card device of claim 1 
wherein said application program comprises a plurality of modules (0056 and 
Table 1). 

Regarding claims 23, 46, 71. 95 , Deo, is silent in disclosing the card device of 
claim 1 wherein said application program comprises a Java application program 
or a Java Card.TM. applet, however Wilkinson does provide such a disclosure 
(8:20-23). 

The rationale and motivation for such obviousness type rejection is the 
same as in claims 4, 28, 52 and 76. 

Regarding claims 24, 47, 72, 96 , Deo, is silent in disclosing the card device of 
claim 1 wherein said capabilities list is embodied in a tag-length-value (TLV) 
structure, however Wilkinson does provide such a disclosure (8:24-39). 

The rationale and motivation for such obviousness type rejection is the 
same as in claims 4, 28, 52 and 76. 
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Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHINWENDU C. OKORONKWO whose telephone 
number is (571 )272-2662. The examiner can normally be reached on MWF 2:30 - 6:00, 
TR 9:00-3:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/C. C. O.I 

Examiner, Art Unit 2136 
/Nasser G Moazzami/ 
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